It’s sadly become a fact of life that security breaches happen with alarming frequency. Hackers have been trying to get at valuable data for decades, but only in recent years have data breaches reached monumental proportions. During the 2013 holiday season, Target experienced a massive breach where 40 million debit and credit card numbers were stolen with other effects reaching up to 110 million customers. eBay more recently was the victim of a security breach where a database holding user passwords was infiltrated, giving attackers access to around 145 million records. Other breaches have hit Coca-Cola, Neiman Marcus, SnapChat, Michaels and even institutions of higher learning. (Tweet This) From these incidents, customers and businesses are quickly realizing cyberattacks are almost an expected occurrence, but there are also a number of important lessons that can be learned to prevent future problems or at least minimize the damage done.
1. Communication is Key
If there’s a problem, companies need to communicate that to their customers as soon as possible. Bad communication can sometimes make a problem worse or ruin a company’s reputation. Target unfortunately didn’t alert customers until days after news outlets had already been running the story. In SnapChat’s case, months passed before the company admitted being the victim of a security breach. For a good example, look at how Michaels handled its security issue. The company was on top of things and told customers about the breach even though it didn’t have all the information at the time. Companies need to communicate to customers so they feel informed, building trust in the process.
2. Customer Service Must Be A Priority
Chances are, a security breach is bound to happen sooner or later. When it happens, companies need to work to rebuild trust as quickly as possible. One of the main ways to do this is through quality customer service. Customers will obviously have a lot of questions and concerns, so companies need to present a means through which they can get answers and reassurance. This was another failing on Target’s part as customers faced serious issues of website gridlock, unclear emails, and poorly managed social media channels. Companies also need to have a way to make it up to customers, whether it be through special discounts for those who had information compromised, free credit monitoring, or other offered solutions for security problems.
3. Security Technology Needs To Be Updated
Hackers will almost always be one step ahead of security efforts, so companies need to constantly update and upgrade their security systems or risk being left far behind. That usually requires investing in the latest in network defenses and IT security technology. Simply changing passwords or encrypting information isn’t always enough. Every security system will have some kind of weakness, so companies need to identify where their weaknesses might be and work to strengthen their system defenses. It’s a good idea to further restrict system access, use stronger passwords, update software applications with new security patches, and, when available, eliminate remote access.
4. Establish Information Security Policies
Security goes beyond the latest technologies and updates. Companies need to make sure their security controls are able to meet the challenges of today. In the case of Coca-Cola, the recent security breach happened when data was accessed from old computers kept by a former employee. Those computers contained personal information of tens of thousands of company employees along with sensitive company data. Clear information security policies should specifically address how data is handled and disposed of. These are standards that reduce the risk of data loss and leaks and can prevent future security breaches.
5. Know That No Company Is Safe
Perhaps one of the most important lessons to learn from the recent security issues is that no company is truly safe from data theft. It’s a lesson that’s hard for many businesses to accept, but that doesn’t change the reality of it. Too many companies have a false sense of security, which helps account for outdated security policies, inadequate technology, and lack of disaster plans. Companies need to understand that they can just as easily become the next Target or eBay. Proper preparation is necessary for meeting these challenges head on, but it requires planning, determination, and a commitment to investing in the security of the business.The grim reality is that security breaches happen all too often. Working now to face that reality can save a company a lot of pain and money in the future. Those businesses willing to prepare for the worst will find it much easier to recover from security disasters.